Releases: tomasvotava/fastapi-sso

0.19.0

17 Dec 15:17
c905eaf

⚠️ A critical OAuth login CSRF vulnerability caused by missing state validation was
reported by @davidbors-snyk (Snyk Security Labs) in #266 and has been resolved in
version 0.19.0.

Starting with fastapi-sso==1.0.0, OAuth state will be backed by a pluggable server-side store
(in-memory by default, with support for external stores such as Redis).

What's Changed

  • chore(deps): bump the all group with 11 updates by @dependabot[bot] in #230
  • chore(deps): bump the all group with 3 updates by @dependabot[bot] in #231
  • chore(deps): bump the all group with 6 updates by @dependabot[bot] in #232
  • chore(deps): bump the all group with 4 updates by @dependabot[bot] in #233
  • chore(deps-dev): bump the all group with 3 updates by @dependabot[bot] in #234
  • chore(deps-dev): bump the all group with 2 updates by @dependabot[bot] in #235
  • chore(deps): bump the all group across 1 directory with 3 updates by @dependabot[bot] in #237
  • chore(deps): bump the all group across 1 directory with 3 updates by @dependabot[bot] in #239
  • chore(deps-dev): bump the all group across 1 directory with 4 updates by @dependabot[bot] in #241
  • chore(deps): bump the all group with 5 updates by @dependabot[bot] in #242
  • chore(deps): bump the all group across 1 directory with 10 updates by @dependabot[bot] in #247
  • chore(deps-dev): bump the all group with 3 updates by @dependabot[bot] in #248
  • chore(deps-dev): bump the all group across 1 directory with 3 updates by @dependabot[bot] in #251
  • chore(deps-dev): bump the all group with 3 updates by @dependabot[bot] in #252
  • chore(deps-dev): bump the all group with 2 updates by @dependabot[bot] in #253
  • chore(deps): bump the all group with 2 updates by @dependabot[bot] in #254
  • chore(deps): bump the all group across 1 directory with 12 updates by @dependabot[bot] in #259
  • fix: enforce state validation by @davidbors-snyk in #267
  • chore(deps): bump the all group across 1 directory with 7 updates by @dependabot[bot] in #265
  • docs(#266): warn against using state as an arbitrary data transport by @tomasvotava in #269

Full Changelog: 0.18.0...0.19.0

0.18.0

20 Mar 17:08

What's Changed

Removed support for Python 3.8.

  • chore: add Python 3.13 to testing and linting workflows by @tomasvotava in #226
  • chore: update Python version to 3.12 and improve documentation workflow by @tomasvotava in #227
  • chore(deps-dev): bump the all group across 1 directory with 2 updates by @dependabot in #228
  • feat: use id token for linkedin userinfo by @tomasvotava in #229

Full Changelog: 0.17.0...0.18.0

0.17.0

04 Nov 14:00
7510234

What's Changed

Full Changelog: 0.16.0...0.17.0

Thanks @afi-dev for the contribution!

0.16.0

04 Nov 11:54
0232a3e

Please see the security notice before upgrading.

What's Changed

  • chore(deps): bump the all group across 1 directory with 6 updates by @dependabot in #171
  • chore(deps): bump the all group with 5 updates by @dependabot in #172
  • chore(deps): bump the all group with 3 updates by @dependabot in #176
  • chore(deps): bump the all group across 1 directory with 10 updates by @dependabot in #183
  • chore(deps-dev): bump the all group with 4 updates by @dependabot in #184
  • chore(deps): bump the all group across 1 directory with 7 updates by @dependabot in #188
  • chore(deps): bump the all group across 1 directory with 10 updates by @dependabot in #192
  • chore(deps): bump the all group across 1 directory with 6 updates by @dependabot in #195
  • added Seznam SSO provider by @TomasKoutek in #194
  • chore(deps): bump the all group across 1 directory with 8 updates by @dependabot in #203
  • chore(deps-dev): bump the all group with 2 updates by @dependabot in #204
  • feat!: utilize async lock to overcome dangerous race conditions by @tomasvotava in #189
  • bump: 0.16.0 by @tomasvotava in #205

Full Changelog: 0.15.0...0.16.0

0.15.0

18 May 19:06

What's Changed

Full Changelog: 0.14.2...0.15.0

0.14.2

18 Apr 08:29

What's Changed

  • [hotfix] add naver email, nickname fields (optional). by @dalbodeule in #153

Full Changelog: 0.14.1...0.14.2

0.14.1

18 Apr 07:07

What's Changed

Full Changelog: 0.14.0...0.14.1

0.14.0

03 Apr 17:13

What's Changed

  • feat: added Yandex SSO provider by @akimrx in #146
  • fix(gitlab): added support for on-premise gitlab, first name and last name by @akimrx in #145
  • feat: add ability to get original userinfo response instead of OpenID by @tomasvotava in #148
  • fix: do not pass params twice to token request by @tomasvotava in #147

Full Changelog: 0.13.1...0.14.0

0.13.1

01 Apr 14:51

What's Changed

  • chore(deps): bump the all group with 3 updates by @dependabot in #140
  • chore(deps-dev): bump the all group with 5 updates by @dependabot in #142
  • chore(deps-dev): bump the all group with 1 update by @dependabot in #144
  • Fix GitLab OpenID instance as it breaks with latest pydantic by @chrisK824 in #143

Full Changelog: 0.13.0...0.13.1

0.13.0

17 Mar 21:07

What's Changed

Full Changelog: 0.12.2...0.13.0